Let’s Encrypt nginx configuration

I’m a very happy user of the letsencrypt.com closed beta program and wanted to share the configuration for this very vhost on nginx. While researching possible configurations I stumbled upon a site from the Mozilla Project that generates SSL configurations for your web server.

Prerequisites

Before we can start using Let’s Encrypt, there are a few prerequisites that have to be attended to in the nginx configuration.

Before reloading nginx, let’s create the Let’s Encrypt challenge folder via mkdir -p /tmp/letsencrypt-auto, and then reload nginx. Now we can generate new certificates for our domain without stopping nginx. To do so, run the following commands:

Modified Configuration

So now that we have the base configuration, let’s tweak it a little, because some of it does not match my requirements.

First we create stronger Diffie-Hellman ephemeral (DHE) parameters for nginx. Here I choose not to generate the DHE parameters system-wide in /etc/ssl/certs, where they are just 1024-bit, so as not to mess with my system (yet).
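
For reference, here is how the two pieces described above (the challenge folder under Prerequisites and the dedicated DH parameters file) can fit together in one vhost. This is an added example, not the configuration from this site: the domain example.org, the certificate paths, the /etc/nginx/dhparam.pem location and the 2048-bit size are assumptions.

```nginx
# Added example. Everything except /tmp/letsencrypt-auto is an assumption.

server {
    listen 80;
    server_name example.org;                  # placeholder domain

    # Serve only the ACME challenge files from the challenge folder.
    # With "root", a request for /.well-known/acme-challenge/<token>
    # maps to /tmp/letsencrypt-auto/.well-known/acme-challenge/<token>.
    location ^~ /.well-known/acme-challenge/ {
        root /tmp/letsencrypt-auto;           # folder created with mkdir -p
        default_type text/plain;
        try_files $uri =404;                  # no directory listings or fallbacks
    }

    # Everything else goes to HTTPS.
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name example.org;

    # Assumed paths: the client's usual live/<domain>/ layout.
    ssl_certificate     /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;

    # Dedicated DH parameters for this nginx instead of a system-wide file.
    # Assumed to have been generated beforehand, for example with:
    #   openssl dhparam -out /etc/nginx/dhparam.pem 2048
    # The file is only used by DHE cipher suites.
    ssl_dhparam /etc/nginx/dhparam.pem;
}
```

After changing the file, nginx -t validates the configuration before the reload, and openssl dhparam -in /etc/nginx/dhparam.pem -text -noout prints the parameter size actually in use.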